Trend Micro Apex Central™ Logs

Configuration Guide

Updated Jan 27, 2023

Configure Trend Micro Apex Central™ to send logs to Arctic Wolf

You can configure Trend Micro Apex Central™ to send the necessary logs to Arctic Wolf for monitoring security information.

  1. Configure the syslog settings.
  2. Enable log forwarding.
  3. Verify log forwarding.
  4. Provide your configuration details to Arctic Wolf.

Step 1: Configure the syslog settings

  1. Log in to Trend Micro Apex Central™ as an administrator.

  2. In the menu bar, click Detections > Notifications > Notification Method Settings.

    The Notification Method Settings screen appears.

  3. In the Syslog Settings section, do the following:

    • Server IP address — Enter the FQDN or IP address of your physical sensor or virtual log collector.
    • Port — Enter 514.
    • Facility — Select the required facility code from the list.
  4. Click Save.

Step 2: Enable log forwarding

  1. Log in to Trend Micro Apex Central™ as an administrator.

  2. In the menu bar, click Administration > Settings > Syslog Settings.

    The Syslog Settings screen appears.

  3. Select the Enable syslog forwarding checkbox.

  4. For your physical sensor or virtual log collector that receives the logs, do the following:

    • Server address — Enter the FQDN or IP address of your physical sensor or virtual log collector.
    • Port — Enter 514.
  5. For the Format list, select one of the following:

    • CEF — Uses the standard Common Event Format (CEF) for log messages.
    • Apex Central format — Sets the syslog facility code to Local0 and the severity code to Informational.

    See Supported Log Types and Formats for more information.

  6. In the Log type section, do the following:

    1. Select Security logs.
    2. Select the checkboxes for the logs you want to forward.
    3. (Optional) Repeat these steps for Product information logs.
  7. Click Test Connection.

    The syslog server connection status appears at the top of the screen.

  8. Click Save.

    Trend Micro Apex Central™ forwards logs to the configured syslog server.

Step 3: Verify log forwarding

  1. Log in to Trend Micro Apex Central™ as an administrator.
  2. In the menu bar, click Administration > Command Tracking.
  3. In the Command list, select Forward Syslog.
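
To check what actually leaves the server, the following added example (not from Arctic Wolf or Trend Micro) decodes the syslog PRI value and parses the CEF header and extension of a forwarded message, such as one captured at a test syslog listener. The sample line, host name and field values are constructed assumptions; the PRI of 134 corresponds to the Local0 facility and Informational severity named in Step 2.

```python
import re

SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
CEF_FIELDS = ["version", "vendor", "product", "device_version",
              "event_class_id", "name", "severity"]
FIELD = r"((?:\\.|[^|\\])*)"  # header field: escaped chars, or anything but | and \
CEF_RE = re.compile(r"CEF:" + r"\|".join([FIELD] * 7) + r"\|(.*)$")

# Constructed sample, not real Apex Central output.
# <134> = facility local0 (16) * 8 + severity informational (6).
SAMPLE = ("<134>Jan 27 10:15:02 apexcentral.example.test "
          r"CEF:0|Example Vendor|Example Product|1.0|EX\|100|Sample detection|3|"
          r"src=192.0.2.10 msg=path\=C:\\temp blocked act=quarantine")


def unescape(value):
    # Undo CEF backslash escapes such as \| \= and \\
    return re.sub(r"\\(.)", r"\1", value)


def decode_pri(line):
    """Return (facility, severity) names from the leading <PRI> value."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range syslog PRI")
    fac, sev = divmod(int(m.group(1)), 8)
    # local0..local7 are facilities 16..23; others are returned as numbers.
    return (f"local{fac - 16}" if fac >= 16 else str(fac)), SEVERITIES[sev]


def parse_cef(line):
    """Return CEF header fields plus an 'extension' dict of key=value pairs."""
    m = CEF_RE.search(line)
    if not m:
        raise ValueError("no complete CEF header (7 pipe-delimited fields)")
    event = dict(zip(CEF_FIELDS, map(unescape, m.groups()[:7])))
    # A value runs until the next unescaped " key=" or the end of the line.
    pairs = re.findall(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)", m.group(8))
    event["extension"] = {k: unescape(v) for k, v in pairs}
    return event


if __name__ == "__main__":
    print(decode_pri(SAMPLE), parse_cef(SAMPLE))
```

A `ValueError` from `parse_cef` on a captured line means the message is not complete CEF, for example because the Apex Central format was selected instead or the message was truncated in transit.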

Step 4: Provide your configuration details to Arctic Wolf

  1. Go to the Arctic Wolf Portal.

  2. Click Contact your CST.

  3. Include the following information in the message for your Concierge Security® Team (CST):

    • Confirmation that you have completed the steps in this configuration guide.
    • The IP address assigned to your Trend Micro Apex Central™ server.
    • Any other questions or comments that you have.
  4. Select Send.

    Your CST will review the details and confirm that we are successfully processing the logs from your Trend Micro Apex Central™ server.